Wednesday, March 23, 2011

As some of my regular readers know, in October 2009, I attended an invitation-only surveillance industry conference in Washington DC. It was at that event where I recorded an executive from Sprint bragging about the 8 million GPS queries his company delivered via a special website to law enforcement agencies in a 13 month period.

At that same event, Paul W. Taylor, the manager of Sprint/Nextel’s Electronic Surveillance team revealed that the wireless carrier also provides a next-generation surveillance API to law enforcement agencies, allowing them to automate and digitally submit their requests for user data:

"We have actually our LSite [Application Programming Interface (API)] is, there is no agreement that you have to sign. We give it to every single law enforcement manufacturer, the vendors, the law enforcement collection system vendors, we also give it to our CALEA vendors, and we've given it to the FBI, we've given it to NYPD, to the Drug Enforcement Agency. We have a pilot program with them, where they have a subpoena generation system in-house where their agents actually sit down and enter case data, it gets approved by the head guy at the office, and then from there, it gets electronically sent to Sprint, and we get it ... So, the DEA is using this, they're sending a lot and the turn-around time is 12-24 hours. So we see a lot of uses there."

My PhD research is focused on the relationship between communications and applications service providers and the government, and the way that these companies voluntarily facilitate (or occasionally, resist) surveillance of their customers. As such, this sounded pretty interesting, and so on December 3, 2009, I filed a FOIA request with the DEA to get documents associated with the Sprint LSite API and the DEA's use of the system.

On March 8, 2011, I received a letter (pdf) from the DEA, telling me that although they found 38 pages of relevant material, they are withholding every single page.

I will of course be appealing this rejection, either by myself, or with any luck, someone experienced with FOIA appeals and litigation will contact me and offer to help.

It is bad enough that Sprint is bending over backwards to assist the government in its surveillance of Sprint customers, but what is even worse, is that the DEA is refusing to allow the public to learn anything about this program. If, as Mr Taylor suggested, there is a computer in every DEA office connected directly to Sprint's computer systems, the public has a right to know.

Christopher Soghoian, Ph.D. is a Washington, DC based privacy and security researcher. He is the Principal Technologist in the Speech, Privacy and Technology Project at the American Civil Liberties Union.